On Wednesday 12 February 2003 11:11 am, Tesla 13 wrote:
> If you consider like this, it is better to scan access log for abnormal
> transfer sizes which would indicate tunneling sessions and block the target
> hosts.

Ah yes of course :) Actually, do the squid logs contain how much time elapsed during the CONNECT? Maybe it would be more convenient to limit CONNECT sessions to, say, 5 minutes? Adequate for the longest CGI process, but fairly useless for people trying to use SSH.

> The question was "...block in squid proxy server".

Yes, but I think this question is more related to the UNIX ethos of smaller programs working together to achieve a greater task. Microsoft ISA would probably implement this as a 'Tunnel Stealth Mode' integrated into the main application, but I don't believe it's desirable for squid to perform this task in itself, hence the suggestion of monitoring the log files.

Cheers,
Gavin
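
Added example, not part of the original message: a sketch of the log-monitoring approach discussed above, assuming Squid's native access.log format, in which the second field is the elapsed time in milliseconds and the fifth is the bytes sent to the client. The byte threshold, the function names and the sample log lines are constructed for illustration; the 5-minute limit is the figure suggested in the message.

```python
"""Flag long-lived or high-volume CONNECT tunnels in a Squid native access.log."""
from collections import namedtuple

# 5 minutes is the figure from the message above; the byte limit is an assumed value.
MAX_ELAPSED_MS = 5 * 60 * 1000
MAX_BYTES = 5 * 1024 * 1024

Hit = namedtuple("Hit", "client target elapsed_s bytes reasons")

def suspicious_connects(lines, max_ms=MAX_ELAPSED_MS, max_bytes=MAX_BYTES):
    """Yield a Hit for each CONNECT entry exceeding either threshold."""
    for line in lines:
        f = line.split()
        # Native format: time elapsed client code/status bytes method URL ...
        if len(f) < 7 or f[5] != "CONNECT":
            continue
        try:
            elapsed_ms, size = int(f[1]), int(f[4])
        except ValueError:
            continue  # skip malformed lines rather than abort the scan
        reasons = []
        if elapsed_ms > max_ms:
            reasons.append("duration")
        if size > max_bytes:
            reasons.append("size")
        if reasons:
            yield Hit(f[2], f[6], elapsed_ms / 1000, size, tuple(reasons))

def targets_to_review(lines):
    """Group hits by target host:port so repeat destinations stand out."""
    by_target = {}
    for hit in suspicious_connects(lines):
        by_target.setdefault(hit.target, []).append(hit)
    return by_target

# Constructed sample log lines (not from a real proxy).
SAMPLE = """\
1045048260.123    842 192.0.2.10 TCP_MISS/200 5120 CONNECT shop.example.com:443 - DIRECT/198.51.100.5 -
1045048300.456 3725000 192.0.2.11 TCP_MISS/200 48210 CONNECT host.example.net:443 - DIRECT/198.51.100.9 -
1045048400.789  61000 192.0.2.12 TCP_MISS/200 9437184 CONNECT files.example.org:443 - DIRECT/198.51.100.7 -
1045048500.000    120 192.0.2.10 TCP_HIT/200 2048 GET http://www.example.com/ - NONE/- text/html
""".splitlines()

if __name__ == "__main__":
    for target, hits in targets_to_review(SAMPLE).items():
        for h in hits:
            print(f"{target} from {h.client}: {h.elapsed_s:.0f}s, "
                  f"{h.bytes} bytes ({', '.join(h.reasons)})")
```

Squid writes the access.log entry for a CONNECT when the tunnel closes, so a scan like this reports sessions after they have ended and the flagged targets are candidates for review before being added to a block list.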
